
Re: Bug#80503: ssh: default configuration breaks IPv6



horape@tinuviel.compendium.net.ar writes:

> ¡Hola!
> 
> > > > Openssh provides the admin a good chosen default (that's activated when
> > > > no ListenAddress directive is present) I don't understand why D.Miller has
> > > > changed it.
> > > Well, maybe we will find it out. :)
> 
> >  AFAIK if the DNS ipv6 reverse lookup times out then the entire
> > reverse lookup times out (either way you have to wait for it), this
> > was certainly a feature of older glibc releases (older may mean before
> > 2.2.0 as well).
> 
> What reverse lookup? Why does sshd need to do that reverse lookup?
> 
> (BTW, strace'ing sshd there is no reverse lookup done. And when the connection
> is established the reverse lookup would be determined by the host connecting
> to our server -ie, if it uses ipv6 the reverse lookup will be on the ipv6
> address and if ipv4 on the ipv4 address, yet just one reverse lookup and not
> two)

 Sorry, it doesn't do a reverse lookup, it just logs the ip addresses
(thought it did the lookup as well for some reason). However
getnameinfo() might well have similar problems dealing with just the
numbers.

> > > > No. That's a bind(2) call. There is no dns lookup anywhere.
> > > Are you sure? I think there's also a dns-lookup involved as otherwise
> > > you won't know the IP-address of the host that ssh should connect to.
> >  The listen address does just influence the bind() call (or should),
> > but if sshd is listening on the ipv6 port then it'll try ipv6 lookups
> > ... which is the problem.
> 
> If the connection is made using IPv4 the reverse lookup could only be done
> on the ipv4 address of the client.

 As recently seen in another thread, if you have ipv6 enabled and you
bind to the ipv6 version of your address both ipv4 and ipv6
connections come in through the ipv6 socket ... so on an ipv4
connection getnameinfo() is called with ipv6 info.

 Also I seem to recall that any ipv6 using application won't be binary
compatible with glibc-2.2.x when compiled against 2.1.x (ipv6 working
groups added a member to the struct sockaddr_in6 and thus changed its
size IIRC).

 Personally, I don't see the problem; it's an easy option to change for
those that want ipv6 support (and most don't IMO).

-- 
# James Antill -- james@and.org
:0:
* ^From: .*james@and.org
/dev/null


